kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
==================================================================
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 12067 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #349
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:vmalloc_fault+0x426/0x770 arch/x86/mm/fault.c:405
BUG: KASAN: stack-out-of-bounds in pgd_val arch/x86/include/asm/paravirt.h:414 [inline]
BUG: KASAN: stack-out-of-bounds in p4d_page_vaddr arch/x86/include/asm/pgtable.h:895 [inline]
BUG: KASAN: stack-out-of-bounds in pud_offset arch/x86/include/asm/pgtable.h:907 [inline]
BUG: KASAN: stack-out-of-bounds in vmalloc_fault+0x6d0/0x770 arch/x86/mm/fault.c:397
------------[ cut here ]------------
Read of size 8 at addr ffff8881da96cff8 by task syz-executor4/12086
kernel BUG at mm/slab.c:4425!
invalid opcode: 0000 [#2] PREEMPT SMP KASAN
CPU: 1 PID: 12086 Comm: syz-executor4 Not tainted 4.20.0-rc6+ #349
CPU: 0 PID: 12067 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #349
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
RIP: 0010:__check_heap_object+0xa7/0xb5 mm/slab.c:4425
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
Code: 48 c7 c7 7d 05 15 89 e8 f7 e1 0a 00 5d c3 41 8b 91 04 01 00 00 48 29 c7 48 39 d7 77 be 48 01 d0 48 29 c8 48 39 f0 72 b3 5d c3 <0f> 0b 48 c7 c7 7d 05 15 89 e8 5d ea 0a 00 44 89 e9 48 c7 c7 38 06
RSP: 0018:ffff8881da9194e0 EFLAGS: 00010046
RAX: 0000000000000001 RBX: 1ffff1103b5232a3 RCX: 000000000000000c
RDX: ffff8881da918400 RSI: 0000000000000002 RDI: ffff8881da919688
 print_address_description.cold.7+0x9/0x1ff mm/kasan/report.c:256
RBP: ffff8881da9194e0 R08: ffff88819d332300 R09: ffff8881da800dc0
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.8+0x242/0x309 mm/kasan/report.c:412
R10: 0000000000001059 R11: 0000000000000000 R12: ffff8881da919688
R13: 0000000000000002 R14: ffffea00076a4600 R15: 0000000000000001
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
FS:  00007f4baec24700(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
 pgd_val arch/x86/include/asm/paravirt.h:414 [inline]
 p4d_page_vaddr arch/x86/include/asm/pgtable.h:895 [inline]
 pud_offset arch/x86/include/asm/pgtable.h:907 [inline]
 vmalloc_fault+0x6d0/0x770 arch/x86/mm/fault.c:397
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 do_kern_addr_fault arch/x86/mm/fault.c:1203 [inline]
 __do_page_fault+0x860/0xe60 arch/x86/mm/fault.c:1487
CR2: ffffc9000125a9b0 CR3: 00000001d1fc1000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 do_page_fault+0xf2/0x7e0 arch/x86/mm/fault.c:1520
Modules linked in:
---[ end trace c29e96de070ea725 ]---
RIP: 0010:vmalloc_fault+0x426/0x770 arch/x86/mm/fault.c:405
Code: e0 e8 fe 10 47 00 48 b8 00 00 00 00 80 88 ff ff 48 ba 00 00 00 00 00 fc ff df 48 01 c3 4d 21 e5 4c 01 eb 48 89 d9 48 c1 e9 03 <80> 3c 11 00 0f 85 b2 02 00 00 48 8b 1b 31 ff 49 89 dc 49 83 e4 9f
RSP: 0018:ffff8881da91a698 EFLAGS: 00010006
RAX: ffff888000000000 RBX: 000f110180000048 RCX: 0001e22030000009
RDX: dffffc0000000000 RSI: ffffffff81387392 RDI: 0000000000000007
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143
RBP: ffff8881da91a6c8 R08: ffff88819d332300 R09: 0000000000000000
RIP: 0010:__count_memcg_events include/linux/memcontrol.h:726 [inline]
RIP: 0010:count_memcg_events include/linux/memcontrol.h:741 [inline]
RIP: 0010:count_memcg_event_mm include/linux/memcontrol.h:763 [inline]
RIP: 0010:handle_mm_fault+0x2f5/0xc70 mm/memory.c:3906
R10: 0000000000000000 R11: 0000000000000000 R12: 000fffffc0000000
Code: 00 48 89 c2 48 89 85 60 ff ff ff 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 ce 08 00 00 49 8b 85 90 06 00 00 <65> 48 8b 80 c0 01 00 00 48 83 c0 01 bf 20 00 00 00 48 89 c6 48 89
R13: 000f888180000000 R14: ffffc9000125a9b0 R15: 1ffffffff12a4040
RSP: 0000:ffff8881992d7cc8 EFLAGS: 00010046
FS:  00007f4baec24700(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
RAX: 0000607e24eb60c0 RBX: ffff8881be2efc60 RCX: ffffffff83938d3d
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
RDX: 1ffff1103988663a RSI: ffffffff83938cd8 RDI: 0000000000000007
CR2: ffffc9000125a9b0 CR3: 00000001d1fc1000 CR4: 00000000001406f0
RBP: ffff8881992d7d68 R08: ffff888197876180 R09: ffffed103b5e5b5f
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
R10: ffffed103b5e5b5f R11: ffff8881daf2dafb R12: 1ffff1103325af9c
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400